rn10950 · LeoKids · May 26, 2024 · May 26, 2024 · May 26, 2024 · May 26, 2024
diff --git a/netwerk/base/public/security-prefs.js b/netwerk/base/public/security-prefs.js
@@ -56,6 +56,10 @@ pref("security.ssl3.rsa_null_md5", false);
 pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true);
 pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true);
 
+pref("security.tls13.chacha20_poly1305_sha256", true);
+pref("security.tls13.aes_128_gcm_sha256", true);
+pref("security.tls13.aes_256_gcm_sha384", true);
+
 pref("security.default_personal_cert",   "Ask Every Time");
 pref("security.remember_cert_checkbox_default_setting", true);
 pref("security.ask_for_password",        0);

diff --git a/nsprpub/pr/include/prbit.h b/nsprpub/pr/include/prbit.h
@@ -41,6 +41,37 @@
 #include "prtypes.h"
 PR_BEGIN_EXTERN_C
 
+/*
+** Replace compare/jump/add/shift sequence with compiler built-in/intrinsic
+** functions.
+*/
+#if defined(_WIN32) && (_MSC_VER >= 1300) && \
+    (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_ARM))
+  unsigned char _BitScanForward(unsigned long * Index, unsigned long Mask);
+  unsigned char _BitScanReverse(unsigned long * Index, unsigned long Mask);
+# pragma  intrinsic(_BitScanForward,_BitScanReverse)
+  __forceinline static int __prBitScanForward32(unsigned int val)
+  { 
+    unsigned long idx;
+    _BitScanForward(&idx, (unsigned long)val);
+    return( (int)idx );
+  }
+  __forceinline static int __prBitScanReverse32(unsigned int val)
+  {
+    unsigned long idx;
+    _BitScanReverse(&idx, (unsigned long)val);
+    return( (int)(31-idx) );
+  }
+# define pr_bitscan_ctz32(val)  __prBitScanForward32(val)
+# define pr_bitscan_clz32(val)  __prBitScanReverse32(val)
+# define  PR_HAVE_BUILTIN_BITSCAN32
+#elif ((__GNUC__ >= 4) || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4)) && \
+       (defined(__i386__) || defined(__x86_64__) || defined(__arm__))
+# define pr_bitscan_ctz32(val)  __builtin_ctz(val)
+# define pr_bitscan_clz32(val)  __builtin_clz(val)
+# define  PR_HAVE_BUILTIN_BITSCAN32
+#endif /* MSVC || GCC */
+
 /*
 ** A prbitmap_t is a long integer that can be used for bitmaps
 */
@@ -67,6 +98,13 @@ NSPR_API(PRIntn) PR_FloorLog2(PRUint32 i);
 ** Macro version of PR_CeilingLog2: Compute the log of the least power of
 ** 2 greater than or equal to _n. The result is returned in _log2.
 */
+#ifdef PR_HAVE_BUILTIN_BITSCAN32 
+#define PR_CEILING_LOG2(_log2,_n)      \
+  PR_BEGIN_MACRO                       \
+    PRUint32 j_ = (PRUint32)(_n);      \
+    (_log2) = (j_ <= 1 ? 0 : 32 - pr_bitscan_clz32(j_ - 1)); \
+  PR_END_MACRO
+#else
 #define PR_CEILING_LOG2(_log2,_n)   \
   PR_BEGIN_MACRO                    \
     PRUint32 j_ = (PRUint32)(_n); 	\
@@ -84,13 +122,21 @@ NSPR_API(PRIntn) PR_FloorLog2(PRUint32 i);
     if ((j_) >> 1)                  \
 	(_log2) += 1;               \
   PR_END_MACRO
+#endif /* PR_HAVE_BUILTIN_BITSCAN32 */
 
 /*
 ** Macro version of PR_FloorLog2: Compute the log of the greatest power of
 ** 2 less than or equal to _n. The result is returned in _log2.
 **
 ** This is equivalent to finding the highest set bit in the word.
 */
+#ifdef PR_HAVE_BUILTIN_BITSCAN32
+#define PR_FLOOR_LOG2(_log2,_n)     \
+  PR_BEGIN_MACRO                    \
+    PRUint32 j_ = (PRUint32)(_n);   \
+    (_log2) = 31 - pr_bitscan_clz32((j_) | 1); \
+  PR_END_MACRO
+#else
 #define PR_FLOOR_LOG2(_log2,_n)   \
   PR_BEGIN_MACRO                    \
     PRUint32 j_ = (PRUint32)(_n); 	\
@@ -106,6 +152,7 @@ NSPR_API(PRIntn) PR_FloorLog2(PRUint32 i);
     if ((j_) >> 1)                  \
 	(_log2) += 1;               \
   PR_END_MACRO
+#endif /* PR_HAVE_BUILTIN_BITSCAN32 */
 
 /*
 ** Macros for rotate left and right. The argument 'a' must be an unsigned
@@ -122,14 +169,16 @@ NSPR_API(PRIntn) PR_FloorLog2(PRUint32 i);
 */
 
 #if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || \
-    defined(_M_X64))
+    defined(_M_X64) || defined(_M_ARM))
 #include <stdlib.h>
 #pragma intrinsic(_rotl, _rotr)
 #define PR_ROTATE_LEFT32(a, bits) _rotl(a, bits)
 #define PR_ROTATE_RIGHT32(a, bits) _rotr(a, bits)
+#define PR_ROTATE_RIGHT(a, bits, length) _rotr(a, bits)
 #else
 #define PR_ROTATE_LEFT32(a, bits) (((a) << (bits)) | ((a) >> (32 - (bits))))
 #define PR_ROTATE_RIGHT32(a, bits) (((a) >> (bits)) | ((a) << (32 - (bits))))
+#define PR_ROTATE_RIGHT(a, bits, length) (((a) >> (bits)) ^ ((a) << ((length) - (bits))))
 #endif
 
 PR_END_EXTERN_C

diff --git a/nsprpub/pr/include/prinit.h b/nsprpub/pr/include/prinit.h
@@ -63,10 +63,10 @@ PR_BEGIN_EXTERN_C
 ** The format of the version string is
 **     "<major version>.<minor version>[.<patch level>] [<Beta>]"
 */
-#define PR_VERSION  "4.7.6"
+#define PR_VERSION  "4.7.7"
 #define PR_VMAJOR   4
 #define PR_VMINOR   7
-#define PR_VPATCH   6
+#define PR_VPATCH   7
 #define PR_BETA     PR_FALSE
 
 /*

diff --git a/nsprpub/pr/include/prlock.h b/nsprpub/pr/include/prlock.h
@@ -116,6 +116,26 @@ NSPR_API(void) PR_Lock(PRLock *lock);
 ***********************************************************************/
 NSPR_API(PRStatus) PR_Unlock(PRLock *lock);
 
+/***********************************************************************
+** MACRO:    PR_ASSERT_CURRENT_THREAD_OWNS_LOCK
+** DESCRIPTION:
+**  If the current thread owns |lock|, this assertion is guaranteed to
+**  succeed.  Otherwise, the behavior of this function is undefined.
+** INPUTS:      PRLock *lock
+**              Lock to assert ownership of.
+** OUTPUTS:     void
+** RETURN:      None
+***********************************************************************/
+#if defined(DEBUG) || defined(FORCE_PR_ASSERT)
+#define PR_ASSERT_CURRENT_THREAD_OWNS_LOCK(/* PrLock* */ lock) \
+    PR_AssertCurrentThreadOwnsLock(lock)
+#else
+#define PR_ASSERT_CURRENT_THREAD_OWNS_LOCK(/* PrLock* */ lock)
+#endif
+
+/* Don't call this function directly. */
+NSPR_API(void) PR_AssertCurrentThreadOwnsLock(PRLock *lock);
+
 PR_END_EXTERN_C
 
 #endif /* prlock_h___ */
diff --git a/nsprpub/pr/include/prmon.h b/nsprpub/pr/include/prmon.h
@@ -108,6 +108,21 @@ NSPR_API(PRStatus) PR_Notify(PRMonitor *mon);
 */
 NSPR_API(PRStatus) PR_NotifyAll(PRMonitor *mon);
 
+/*
+** PR_ASSERT_CURRENT_THREAD_IN_MONITOR
+** If the current thread is in |mon|, this assertion is guaranteed to
+** succeed.  Otherwise, the behavior of this function is undefined.
+*/
+#if defined(DEBUG) || defined(FORCE_PR_ASSERT)
+#define PR_ASSERT_CURRENT_THREAD_IN_MONITOR(/* PRMonitor* */ mon) \
+    PR_AssertCurrentThreadInMonitor(mon)
+#else
+#define PR_ASSERT_CURRENT_THREAD_IN_MONITOR(/* PRMonitor* */ mon)
+#endif
+
+/* Don't call this function directly. */
+NSPR_API(void) PR_AssertCurrentThreadInMonitor(PRMonitor *mon);
+
 PR_END_EXTERN_C
 
 #endif /* prmon_h___ */
diff --git a/nsprpub/pr/include/prtypes.h b/nsprpub/pr/include/prtypes.h
@@ -403,16 +403,28 @@ typedef long PRInt32;
 #if PR_BYTES_PER_LONG == 8 && !defined(__APPLE__)
 typedef long PRInt64;
 typedef unsigned long PRUint64;
+#define PR_INT64(x)  x ## L
+#define PR_UINT64(x) x ## UL
 #elif defined(WIN16)
 typedef __int64 PRInt64;
 typedef unsigned __int64 PRUint64;
+#define PR_INT64(x)  x ## i64
+#define PR_UINT64(x) x ## ui64
 #elif defined(WIN32) && !defined(__GNUC__)
 typedef __int64  PRInt64;
 typedef unsigned __int64 PRUint64;
+#define PR_INT64(x)  x ## i64
+#define PR_UINT64(x) x ## ui64
 #else
 typedef long long PRInt64;
 typedef unsigned long long PRUint64;
+#define PR_INT64(x)  x ## LL
+#define PR_UINT64(x) x ## ULL
 #endif /* PR_BYTES_PER_LONG == 8 */
+
+#define PR_INT64_MAX PR_INT64(0x7fffffffffffffff)
+#define PR_INT64_MIN (-PR_INT64_MAX - 1)
+#define PR_UINT64_MAX PR_UINT64(-1)
 #else  /* !HAVE_LONG_LONG */
 typedef struct {
 #ifdef IS_LITTLE_ENDIAN
@@ -422,6 +434,10 @@ typedef struct {
 #endif
 } PRInt64;
 typedef PRInt64 PRUint64;
+
+#define PR_INT64_MAX (PRInt64){0x7fffffff, 0xffffffff}
+#define PR_INT64_MIN (PRInt64){0xffffffff, 0xffffffff}
+#define PR_UINT64_MAX (PRUint64){0xffffffff, 0xffffffff}
 #endif /* !HAVE_LONG_LONG */
 
 /************************************************************************

diff --git a/nsprpub/pr/src/bthreads/btlocks.c b/nsprpub/pr/src/bthreads/btlocks.c
@@ -114,3 +114,10 @@ PR_IMPLEMENT(PRStatus)
 
     return PR_SUCCESS;
 }
+
+PR_IMPLEMENT(void)
+    PR_AssertCurrentThreadOwnsLock(PRLock *lock)
+{
+    PR_ASSERT(lock != NULL);
+    PR_ASSERT(lock->owner == find_thread( NULL ));
+}
diff --git a/nsprpub/pr/src/bthreads/btmon.c b/nsprpub/pr/src/bthreads/btmon.c
@@ -217,3 +217,12 @@ PR_IMPLEMENT(PRIntn)
     return( mon->entryCount );
 }
 
+/*
+** If the current thread is in |mon|, this assertion is guaranteed to
+** succeed.  Otherwise, the behavior of this function is undefined.
+*/
+PR_IMPLEMENT(void)
+    PR_AssertCurrentThreadInMonitor(PRMonitor *mon)
+{
+    PR_ASSERT_CURRENT_THREAD_OWNS_LOCK(mon->cvar->lock);
+}
diff --git a/nsprpub/pr/src/nspr.def b/nsprpub/pr/src/nspr.def
@@ -469,3 +469,8 @@ EXPORTS ;-
 ;+	global:
 		PR_ParseTimeStringToExplodedTime;
 ;+} NSPR_4.6;
+;+NSPR_4.8 {
+;+	global:
+		PR_AssertCurrentThreadOwnsLock;
+		PR_AssertCurrentThreadInMonitor;
+;+} NSPR_4.7;
diff --git a/nsprpub/pr/src/pthreads/ptsynch.c b/nsprpub/pr/src/pthreads/ptsynch.c
@@ -208,8 +208,12 @@ PR_IMPLEMENT(void) PR_Lock(PRLock *lock)
     PR_ASSERT(0 == lock->notified.length);
     PR_ASSERT(NULL == lock->notified.link);
     PR_ASSERT(PR_FALSE == lock->locked);
-    lock->locked = PR_TRUE;
+    /* Nb: the order of the next two statements is not critical to
+     * the correctness of PR_AssertCurrentThreadOwnsLock(), but 
+     * this particular order makes the assertion more likely to
+     * catch errors. */
     lock->owner = pthread_self();
+    lock->locked = PR_TRUE;
 #if defined(DEBUG)
     pt_debug.locks_acquired += 1;
 #endif
@@ -241,6 +245,15 @@ PR_IMPLEMENT(PRStatus) PR_Unlock(PRLock *lock)
     return PR_SUCCESS;
 }  /* PR_Unlock */
 
+PR_IMPLEMENT(void) PR_AssertCurrentThreadOwnsLock(PRLock *lock)
+{
+    /* Nb: the order of the |locked| and |owner==me| checks is not critical 
+     * to the correctness of PR_AssertCurrentThreadOwnsLock(), but 
+     * this particular order makes the assertion more likely to
+     * catch errors. */
+    PR_ASSERT(lock->locked && pthread_equal(lock->owner, pthread_self()));
+}
+
 
 /**************************************************************/
 /**************************************************************/
@@ -516,6 +529,11 @@ PR_IMPLEMENT(PRIntn) PR_GetMonitorEntryCount(PRMonitor *mon)
     return 0;
 }
 
+PR_IMPLEMENT(void) PR_AssertCurrentThreadInMonitor(PRMonitor *mon)
+{
+    PR_ASSERT_CURRENT_THREAD_OWNS_LOCK(&mon->lock);
+}
+
 PR_IMPLEMENT(void) PR_EnterMonitor(PRMonitor *mon)
 {
     pthread_t self = pthread_self();

diff --git a/nsprpub/pr/src/threads/combined/prulock.c b/nsprpub/pr/src/threads/combined/prulock.c
@@ -403,6 +403,16 @@ PR_IMPLEMENT(PRStatus) PR_Unlock(PRLock *lock)
 #endif  /* _PR_GLOBAL_THREADS_ONLY */
 }
 
+/*
+**  If the current thread owns |lock|, this assertion is guaranteed to
+**  succeed.  Otherwise, the behavior of this function is undefined.
+*/
+PR_IMPLEMENT(void) PR_AssertCurrentThreadOwnsLock(PRLock *lock)
+{
+    PRThread *me = _PR_MD_CURRENT_THREAD();
+    PR_ASSERT(lock->owner == me);
+}
+
 /*
 ** Test and then lock the lock if it's not already locked by some other
 ** thread. Return PR_FALSE if some other thread owned the lock at the

diff --git a/nsprpub/pr/src/threads/prmon.c b/nsprpub/pr/src/threads/prmon.c
@@ -144,6 +144,15 @@ PR_IMPLEMENT(PRIntn) PR_GetMonitorEntryCount(PRMonitor *mon)
         mon->entryCount : 0;
 }
 
+/*
+** If the current thread is in |mon|, this assertion is guaranteed to
+** succeed.  Otherwise, the behavior of this function is undefined.
+*/
+PR_IMPLEMENT(void) PR_AssertCurrentThreadInMonitor(PRMonitor *mon)
+{
+    PR_ASSERT_CURRENT_THREAD_OWNS_LOCK(mon->cvar->lock);
+}
+
 /*
 ** Wait for a notify on the condition variable. Sleep for "ticks" amount
 ** of time (if "tick" is 0 then the sleep is indefinite). While

diff --git a/security/manager/Makefile.in b/security/manager/Makefile.in
@@ -154,6 +154,7 @@ DEFAULT_GMAKE_FLAGS += NSPR_LIB_DIR=$(NSPR_LIB_DIR)
 DEFAULT_GMAKE_FLAGS += MOZILLA_CLIENT=1
 DEFAULT_GMAKE_FLAGS += NO_MDUPDATE=1
 DEFAULT_GMAKE_FLAGS += NSS_ENABLE_ECC=1
+DEFAULT_GMAKE_FLAGS += NSS_ENABLE_TLS_1_3=1
 ABS_topsrcdir   := $(shell cd $(topsrcdir); pwd)
 ifneq ($(ABS_topsrcdir),$(MOZ_BUILD_ROOT))
 DEFAULT_GMAKE_FLAGS += BUILD_TREE=$(MOZ_BUILD_ROOT)

diff --git a/security/manager/pki/resources/content/PageInfoOverlay.xul b/security/manager/pki/resources/content/PageInfoOverlay.xul
@@ -115,6 +115,9 @@
             case 3:
               protocolVersion = " (TLS1.2)";
               break;
+            case 4:
+              protocolVersion = " (TLS1.3)";
+              break;
           }
           return {
             hostName : hName,

diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp
@@ -952,6 +952,10 @@ static CipherPref CipherPrefs[] = {
  {"security.ssl3.rsa_seed_sha", TLS_RSA_WITH_SEED_CBC_SHA}, // SEED encryption with RSA and a SHA1 MAC
  {"security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, // 128-bit AES-GCM encryption with ECDHE-ECDSA
  {"security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, // 128-bit AES-GCM encryption with ECDHE-RSA
+ {"security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256}, // 256-bit ChaCha20-Poly1305 encryption with ECDHE-RSA
+ {"security.ssl3.chacha20_poly1305_sha256", TLS_CHACHA20_POLY1305_SHA256}, // TLS 1.3 256-bit ChaCha20-Poly1305 encryption
+ {"security.ssl3.aes_128_gcm_sha256", TLS_AES_128_GCM_SHA256}, // TLS 1.3 128-bit AES-GCM encryption
+ {"security.ssl3.aes_256_gcm_sha384", TLS_AES_256_GCM_SHA384}, // TLS 1.3 256-bit AES-GCM encryption
  {NULL, 0} /* end marker */
 };